llvm-project.git/libcxx/test/std/strings/basic.string/string.capacity/reserve.pass.cpp, branch main Unnamed repository; edit this file 'description' to name the repository. [ASan][libc++] std::basic_string annotations (#72677) 2023-12-13T05:05:34+00:00 Tacet advenam.tacet@trailofbits.com 2023-12-13T05:05:34+00:00 9ed20568e7de53dce85f1631d7d8c1415e7930ae This commit introduces basic annotations for `std::basic_string`, mirroring the approach used in `std::vector` and `std::deque`. Initially, only long strings with the default allocator will be annotated. Short strings (_SSO - short string optimization_) and strings with non-default allocators will be annotated in the near future, with separate commits dedicated to enabling them. The process will be similar to the workflow employed for enabling annotations in `std::deque`. **Please note**: these annotations function effectively only when libc++ and libc++abi dylibs are instrumented (with ASan). This aligns with the prevailing behavior of Memory Sanitizer. To avoid breaking everything, this commit also appends `_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is compiled with ASan. If this macro is not defined, string annotations are not enabled. However, linking a binary that does **not** annotate strings with a dynamic library that annotates strings, is not permitted. Originally proposed here: https://reviews.llvm.org/D132769 Related patches on Phabricator: - Turning on annotations for short strings: https://reviews.llvm.org/D147680 - Turning on annotations for all allocators: https://reviews.llvm.org/D146214 This PR is a part of a series of patches extending AddressSanitizer C++ container overflow detection capabilities by adding annotations, similar to those existing in `std::vector` and `std::deque` collections. These enhancements empower ASan to effectively detect instances where the instrumented program attempts to access memory within a collection's internal allocation that remains unused. This includes cases where access occurs before or after the stored elements in `std::deque`, or between the `std::basic_string`'s size (including the null terminator) and capacity bounds. The introduction of these annotations was spurred by a real-world software bug discovered by Trail of Bits, involving an out-of-bounds memory access during the comparison of two strings using the `std::equals` function. This function was taking iterators (`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison, using a custom comparison function. When the `iter1` object exceeded the length of `iter2`, an out-of-bounds read could occur on the `iter2` object. Container sanitization, upon enabling these annotations, would effectively identify and flag this potential vulnerability. This Pull Request introduces basic annotations for `std::basic_string`. Long strings exhibit structural similarities to `std::vector` and will be annotated accordingly. Short strings are already implemented, but will be turned on separately in a forthcoming commit. Look at [a comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465) below to read about SSO issues at current moment. Due to the functionality introduced in [D132522](https://github.com/llvm/llvm-project/commit/dd1b7b797a116eed588fd752fbe61d34deeb24e4), the `__sanitizer_annotate_contiguous_container` function now offers compatibility with all allocators. However, enabling this support will be done in a subsequent commit. For the time being, only strings with the default allocator will be annotated. If you have any questions, please email: - advenam.tacet@trailofbits.com - disconnect3d@trailofbits.com 
This commit introduces basic annotations for `std::basic_string`,
mirroring the approach used in `std::vector` and `std::deque`.
Initially, only long strings with the default allocator will be
annotated. Short strings (_SSO - short string optimization_) and strings
with non-default allocators will be annotated in the near future, with
separate commits dedicated to enabling them. The process will be similar
to the workflow employed for enabling annotations in `std::deque`.

**Please note**: these annotations function effectively only when libc++
and libc++abi dylibs are instrumented (with ASan). This aligns with the
prevailing behavior of Memory Sanitizer.

To avoid breaking everything, this commit also appends
`_LIBCPP_INSTRUMENTED_WITH_ASAN` to `__config_site` whenever libc++ is
compiled with ASan. If this macro is not defined, string annotations are
not enabled. However, linking a binary that does **not** annotate
strings with a dynamic library that annotates strings, is not permitted.

Originally proposed here: https://reviews.llvm.org/D132769

Related patches on Phabricator:
- Turning on annotations for short strings:
https://reviews.llvm.org/D147680
- Turning on annotations for all allocators:
https://reviews.llvm.org/D146214

This PR is a part of a series of patches extending AddressSanitizer C++
container overflow detection capabilities by adding annotations, similar
to those existing in `std::vector` and `std::deque` collections. These
enhancements empower ASan to effectively detect instances where the
instrumented program attempts to access memory within a collection's
internal allocation that remains unused. This includes cases where
access occurs before or after the stored elements in `std::deque`, or
between the `std::basic_string`'s size (including the null terminator)
and capacity bounds.

The introduction of these annotations was spurred by a real-world
software bug discovered by Trail of Bits, involving an out-of-bounds
memory access during the comparison of two strings using the
`std::equals` function. This function was taking iterators
(`iter1_begin`, `iter1_end`, `iter2_begin`) to perform the comparison,
using a custom comparison function. When the `iter1` object exceeded the
length of `iter2`, an out-of-bounds read could occur on the `iter2`
object. Container sanitization, upon enabling these annotations, would
effectively identify and flag this potential vulnerability.

This Pull Request introduces basic annotations for `std::basic_string`.
Long strings exhibit structural similarities to `std::vector` and will
be annotated accordingly. Short strings are already implemented, but
will be turned on separately in a forthcoming commit. Look at [a
comment](https://github.com/llvm/llvm-project/pull/72677#issuecomment-1850554465)
below to read about SSO issues at current moment.

Due to the functionality introduced in
[D132522](https://github.com/llvm/llvm-project/commit/dd1b7b797a116eed588fd752fbe61d34deeb24e4),
the `__sanitizer_annotate_contiguous_container` function now offers
compatibility with all allocators. However, enabling this support will
be done in a subsequent commit. For the time being, only strings with
the default allocator will be annotated.

If you have any questions, please email:
- advenam.tacet@trailofbits.com
- disconnect3d@trailofbits.com
 Add `std::basic_string` test cases (#74830) 2023-12-12T20:41:59+00:00 Tacet advenam.tacet@trailofbits.com 2023-12-12T20:41:59+00:00 c77cdbac9b121611121adf5806a99aff4812a40c Extend `std::basic_string` tests to cover more buffer situations and length in general, particularly non-SSO cases after SSO test cases (changing buffers). This commit is a side effect of working on tests for ASan annotations. Related PR: https://github.com/llvm/llvm-project/pull/72677 
Extend `std::basic_string` tests to cover more buffer situations and
length in general, particularly non-SSO cases after SSO test cases
(changing buffers). This commit is a side effect of working on tests for
ASan annotations.

Related PR: https://github.com/llvm/llvm-project/pull/72677
 [libc++] Removes basic_string::reserve(). (#73354) 2023-11-25T12:56:40+00:00 Mark de Wever koraq@xs4all.nl 2023-11-25T12:56:40+00:00 494c9e5f59302b1681d1f6171cd01c26004d05fb Implements: - P2870R3 Remove basic_string::reserve() --------- Co-authored-by: philnik777 <nikolasklauser@berlin.de> 
Implements:
- P2870R3 Remove basic_string::reserve()

---------

Co-authored-by: philnik777 <nikolasklauser@berlin.de>
 [libc++] Apply clang formatting to all string unit tests 2023-09-01T17:35:18+00:00 Brendan Emery brendan.emery@esrlabs.com 2023-09-01T17:27:26+00:00 a40bada91aeda276a772acfbcae6e8de26755a11 This applies clang-format to the std::string unit tests in preparation for landing https://reviews.llvm.org/D140550. Differential Revision: https://reviews.llvm.org/D140612 
This applies clang-format to the std::string unit tests in preparation
for landing https://reviews.llvm.org/D140550.

Differential Revision: https://reviews.llvm.org/D140612
[libc++][NFC] Remove some of the code duplication in the string tests 2022-08-26T19:57:42+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-08-26T15:48:11+00:00 786366b18fadc3d7c4f150e89ef49c165767a668 Reviewed By: ldionne, #libc, huixie90 Spies: huixie90, libcxx-commits, arphaman Differential Revision: https://reviews.llvm.org/D131856 
Reviewed By: ldionne, #libc, huixie90

Spies: huixie90, libcxx-commits, arphaman

Differential Revision: https://reviews.llvm.org/D131856
[libc++] Implement P0980R1 (constexpr std::string) 2022-04-27T10:25:34+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-04-27T08:11:44+00:00 425620ccdd47e56b59512913cdc71e116f951e4e Reviewed By: #libc, ldionne Spies: daltenty, sdasgup3, ldionne, arichardson, MTC, ChuanqiXu, mehdi_amini, shauheen, antiagainst, nicolasvasilache, arpith-jacob, mgester, lucyrfox, aartbik, liufengdb, stephenneuendorffer, Joonsoo, grosul1, Kayjukh, jurahul, msifontes, tatianashp, rdzhabarov, teijeong, cota, dcaballe, Chia-hungDuan, wrengr, wenzhicui, arphaman, Mordante, miscco, Quuxplusone, smeenai, libcxx-commits Differential Revision: https://reviews.llvm.org/D110598 
Reviewed By: #libc, ldionne

Spies: daltenty, sdasgup3, ldionne, arichardson, MTC, ChuanqiXu, mehdi_amini, shauheen, antiagainst, nicolasvasilache, arpith-jacob, mgester, lucyrfox, aartbik, liufengdb, stephenneuendorffer, Joonsoo, grosul1, Kayjukh, jurahul, msifontes, tatianashp, rdzhabarov, teijeong, cota, dcaballe, Chia-hungDuan, wrengr, wenzhicui, arphaman, Mordante, miscco, Quuxplusone, smeenai, libcxx-commits

Differential Revision: https://reviews.llvm.org/D110598
[libc++] Prepare string.{access, capacity, cons} tests for constexpr 2022-02-08T22:39:44+00:00 Nikolas Klauser nikolasklauser@berlin.de 2022-02-07T20:54:49+00:00 e85018b7dd3a89dda6b22319b03b5906f8a85aed Reviewed By: ldionne, #libc Spies: libcxx-commits, arphaman Differential Revision: https://reviews.llvm.org/D119123 
Reviewed By: ldionne, #libc

Spies: libcxx-commits, arphaman

Differential Revision: https://reviews.llvm.org/D119123
[libc++] [P0966] [C++20] Fix bug PR45368 by correctly implementing P0966: string::reserve should not shrink. 2020-11-26T09:13:12+00:00 Marek Kurdej marek.kurdej@gmail.com 2020-11-26T09:07:16+00:00 841132efda2157c5f9e07cf31469470a6481ffd9 This patch fixes the implementation as well as the tests that didn't actually test the wanted behaviour. You'll find all the details in the bug report. It adds as well deprecation warning for reserve() (without argument) and adds a test. http://wg21.link/P0966R1 https://bugs.llvm.org/show_bug.cgi?id=45368 https://reviews.llvm.org/D54992 Reviewed By: ldionne, #libc Differential Revision: https://reviews.llvm.org/D91778 
This patch fixes the implementation as well as the tests that didn't actually test the wanted behaviour.
You'll find all the details in the bug report.
It adds as well deprecation warning for reserve() (without argument) and adds a test.

http://wg21.link/P0966R1
https://bugs.llvm.org/show_bug.cgi?id=45368
https://reviews.llvm.org/D54992

Reviewed By: ldionne, #libc

Differential Revision: https://reviews.llvm.org/D91778
[libc++] NFC: Clean up a lot of old Lit features 2020-04-10T21:20:29+00:00 Louis Dionne ldionne@apple.com 2020-04-10T20:14:10+00:00 7149bb70681a91de5d490b4bb0714d9e55a05bcc The libc++ test suite has a lot of old Lit features used to XFAIL tests and mark them as UNSUPPORTED. Many of them are to workaround problems on old compilers or old platforms. As time goes by, it is good to go and clean those up to simplify the configuration of the test suite, and also to reflect the testing reality. It's not useful to have markup that gives the impression that e.g. clang-3.3 is supported, when we don't really test on it anymore (and hence several new tests probably don't have the necessary markup on them). 
The libc++ test suite has a lot of old Lit features used to XFAIL tests
and mark them as UNSUPPORTED. Many of them are to workaround problems on
old compilers or old platforms. As time goes by, it is good to go and
clean those up to simplify the configuration of the test suite, and also
to reflect the testing reality. It's not useful to have markup that gives
the impression that e.g. clang-3.3 is supported, when we don't really
test on it anymore (and hence several new tests probably don't have the
necessary markup on them).
[libc++] Mark several tests as XFAIL on macosx10.7 2019-02-27T00:57:57+00:00 Louis Dionne ldionne@apple.com 2019-02-27T00:57:57+00:00 25838c6dacca8203b4478ac2c16e563b51c3708b Those tests fail when linking against a new dylib but running against macosx10.7. I believe this is caused by a duplicate definition of the RTTI for exception classes in libc++.dylib and libc++abi.dylib, but this matter still needs some investigation. This issue was not caught previously because all the tests always linked against the same dylib used for running (because LIT made it impossible to do otherwise before r349171). rdar://problem/46809586 llvm-svn: 354940 
Those tests fail when linking against a new dylib but running against
macosx10.7. I believe this is caused by a duplicate definition of the
RTTI for exception classes in libc++.dylib and libc++abi.dylib, but
this matter still needs some investigation.

This issue was not caught previously because all the tests always linked
against the same dylib used for running (because LIT made it impossible
to do otherwise before r349171).

rdar://problem/46809586

llvm-svn: 354940